Sonatype Blog

As a longtime conference attendee and sometimes speaker, I always get especially excited for Red Hat Summit. Maybe it's because I have always admired Red Hat the company and have been a fan of many of their technology solutions, or maybe it's because I often see a lot of folks I know!

As the person at Sonatype responsible for marketing and channels, my team and I frequently sponsor, attend, and speak at a wide variety of technology conferences.

Over the years, we've learned firsthand that not all of them are created equal. Truth be told, there are infinite options to choose from, and it's difficult to determine which ones are worthwhile, and which ones are not.

In that sense, technology conferences are quite similar to open source software components. There is an infinite volume and variety of options; but identifying the ones that will add the most value to your business is tricky.

Mark Burgess (@markburgess_osl) is a theoretical physicist, but in his keynote at the 2016 All Day DevOps conference, he talked more about economics and human interactions than physics. What does either have to do with a keynote for a conference on DevOps?

One of my favorite parts of the novel The Phoenix Project is when Bill Palmer, DevOps hero and VP of IT Operations for the fictional company “Parts Unlimited”, has a light bulb moment about the central importance of IT to the business.

According to the recent DevSecOps Community survey, 80-90% of a modern application is assembled using open source and third-party components. This is true whether you develop in Java, .NET, Ruby, Python or any other language. While these components dramatically improve the efficiency and velocity of development, they are often consumed without enough knowledge of underlying dependencies, license requirements, or potential security vulnerabilities.

Today we are excited to announce the availability of the incredibly popular repository manager and private container registries, Nexus Repository, on DC/OS. Among its many benefits, Nexus Repository will deliver the first, free, enterprise-scale private Docker registry to the Mesosphere DC/OS community.

Over the years, members of the Nexus Community have created interesting and useful integrations with our products. The list of projects has grown to the point where we need a central location to manage them. Today, we launch the Nexus Exchange. You’ll find integrations with Puppet, Chef, GitHub, Jenkins, Docker and many more of your favorite tools. The projects include integrations with Nexus 2, Nexus 3 and Nexus Lifecycle.

Many organizations are quickly maturing their CI/CD practices in the hopes of winning the innovation battle. But where do security and governance practices fit in? As organizations embrace DevOps, quality and security cannot become an afterthought. The good news is that many DevOps practitioners agree, as evidenced by our recent DevSecOps survey. The data shows that mature DevOps organizations are automating security practices earlier in the development process compared to less mature DevOps organizations.

Sonatype's development team regularly schedules "innovation days" that allow team members time to focus on building projects that we believe will benefit our Nexus community. In one of the recent innovation days, I built a new integration between GitHub, Jenkins, and Nexus Lifecycle that we are making available to you through our new Nexus Exchange community -- the new home for integrations built by our own development team and the community at large.

Yesterday Dharmesh Thakker and his colleagues at Battery Ventures unveiled the Battery Open-Source Software Index. The BOSS Index is the result of a significant and thoughtful research effort designed to (a) empirically rank the relative popularity of open-source software projects, and (b) provide perspective on the innovative companies that are built upon open source technologies.